Thursday, 11 January 2018

Active Directory

AD DS Administration Tools
  • Active Directory Administration snap-ins
  • Active Directory Administrative Center
  • Active Directory module in Windows PowerShell
  • Directory Service commands

Managing User Accounts

  • Delete a user account
  • Create a new user account
  • Move the user account
  • View the WINDOWS POWERSHELL HISTORY
  • Use Windows PowerShell to manage user accounts
  • Find inactive user accounts
  • Find disabled user accounts
  • Delete disabled user account
Steps:

Delete a user account
  1. Sign in to LON‑DC1 as Adatum\Administrator with the password .
  2. On LON‑DC1, in Server Manager, click Tools.
  3. Click Active Directory Administrative Center.
  4. In the Active Directory Administrative Center, click Adatum (local), and then double‑click Managers.
  5. In Managers, right‑click Ed Meadows, and then click Delete.
  6. In the Delete Confirmation dialog box, click Yes.
Create a new user account
  1. In the Action pane, click New, and then click User.
  2. In the Create User dialog box, in Full name, type Ed Meadows.
  3. In User UPN logon, type Ed.
  4. In Password and Confirm password, type Password, and then click OK.

Move the user account

  1. Right‑click Ed Meadows, and then click Move.
  2. Click the IT organizational unit (OU), and then click OK.
  3. In the navigation pane, click Adatum (local).
  4. In the results pane, double‑click IT.
  5. Verify that Ed Meadows' account is listed.

View the WINDOWS POWERSHELL HISTORY
  1. If you have not already done so, maximize Active Directory Administrative Center.
  2. At the bottom of the Active Directory Administrative Center window, click WINDOWS POWERSHELL HISTORY to expand the history section.
  3. In the history, review the following:
     a. The Remove-ADObject command and the switches used with it to delete Ed Meadows.
     b. The New-ADUser command and the switches used with it to recreate Ed Meadows.
     c. The additional commands used to configure the Ed Meadows account.
     d. The Move-ADObject command and the switches used with it to move Ed Meadows.
  4. Close the Active Directory Administrative Center.

Find users who have not signed in during the last 30 days
  1. On the taskbar, click the Windows PowerShell icon.
  2. To create a variable to specify the past 30 days, type the following command, and then press Enter:
     $logonDate = (Get-Date).AddDays(-30)
  3. To find all the user accounts that have not signed in during the past 30 days, type the following command, and then press Enter:
     Get-ADUser -Filter {lastLogon -le $logonDate}
The results include nearly every account in the domain because most of the accounts have never signed in.
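
The lastLogon attribute used above is stored separately on each domain controller and is not replicated, so a report built on it depends on which domain controller answers the query. The following is an added example, not part of the original lab steps: it reports on LastLogonDate (the replicated value), separates accounts that were never used from accounts that went inactive, and previews removal of disabled accounts. The OU path OU=IT,DC=Adatum,DC=com is an assumption based on the domain and OU names used in the lab.

```powershell
# Added example (not from the original lab). Requires the ActiveDirectory module.
# Assumption: the lab domain's DNS name is Adatum.com, so the IT OU is at the path below.
Import-Module ActiveDirectory

$searchBase = 'OU=IT,DC=Adatum,DC=com'   # assumed path; adjust to your domain
$cutoff     = (Get-Date).AddDays(-30)

# LastLogonDate is the module's DateTime form of lastLogonTimestamp, which is
# replicated to every domain controller. By default lastLogonTimestamp can lag
# the real sign-in by up to about 14 days, so treat the cutoff as approximate.
$users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $searchBase `
             -Properties LastLogonDate, whenCreated

$report = foreach ($u in $users) {
    $state = if (-not $u.LastLogonDate) {
        # No recorded sign-in: separate old unused accounts from newly created ones.
        if ($u.whenCreated -le $cutoff) { 'NeverSignedIn' } else { 'NewAccount' }
    } elseif ($u.LastLogonDate -le $cutoff) { 'Inactive' } else { 'Active' }

    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        State          = $state
        LastLogonDate  = $u.LastLogonDate
        Created        = $u.whenCreated
    }
}

# Accounts worth reviewing: enabled, but unused for 30 days or never used.
$report | Where-Object State -in 'Inactive', 'NeverSignedIn' |
    Sort-Object State, LastLogonDate | Format-Table -AutoSize

# Disabled accounts in the same OU. Scoping to an OU keeps built-in accounts
# that are disabled by default (Guest, krbtgt) out of the result.
$disabled = Get-ADUser -Filter 'Enabled -eq $false' -SearchBase $searchBase
$disabled | Select-Object Name, SamAccountName, DistinguishedName

# Preview the deletion; remove -WhatIf only after reviewing the list above.
if ($disabled) { $disabled | Remove-ADUser -WhatIf }
```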

Group Types

  • Distribution groups
      • Used only with email applications
      • Not security-enabled (no SID); cannot be given permissions
  • Security groups
      • Security principal with a SID; can be given permissions
      • Can also be email-enabled

Both security groups and distribution groups can be converted to the other type of group.
